Apple Releases iOS 6.1.3 to Fix Passcode Security Bug

Posted March 19, 2013 by Marianne Schultz

Apple has released iOS 6.1.3 today to fix a bug that allows users to bypass an iPhone’s passcode lock and access contacts and make phone calls. The update also brings improvements to Apple’s Maps data in Japan.

The passcode bypass bug was discovered by JailBreakNation last month. The method to bypass a passcode lock in iOS 6.1 requires several steps in a specific sequence involving the emergency call button available on the iPhone’s lock screen and the device’s sleep/wake button. JailBreakNation stated that creating contacts, viewing photos saved in the Photos app, and sending emails and texts using the contact sharing feature are all possible through the exploitation of this bug.

If you’re concerned about others getting access to your photos and contact information, or using your iPhone to make calls even though you have a passcode lock set, you should download this update. However, if you jailbreak your iPhone, note that this update closes some of the exploits used in the latest jailbreak method, evasi0n. Once you update, you’ll lose your jailbreak, and for most devices there’s no way to get it back, according to one of the hackers who created evasi0n.

iOS 6.1.3 applies to the iPhone 3GS, iPhone 4, iPhone 4S, iPhone 5, the iPad 2 and later, and the fourth-generation and later iPod touches. It’s a free download that can be obtained through iTunes on your computer or as an over-the-air update on your compatible iOS device in the Software Update area of the General section in the Settings app.

It’s probably worth noting that, while this app was designed to fix a security problem, it also introduced a new one. Specifically, a malicious user could gain access to your contacts and photos (sound familiar?) by using voice dial and removing the SIM at just the right time.

This new vulnerability was demonstrated on the iPhone 4 series, but it has also been claimed to have been seen on iPhone 5 devices as well.

In other words… we just traded one vulnerability for another that is nearly identical in scope. This is why I always recommend waiting 3 weeks for issues to be reported, then another 1-3 weeks to see how widespread and serious they are. Personally, I’m really looking forward to an update that doesn’t carry with it some kind of serious flaw. 6.1 brought with it some significant battery issues. 6.1.2 brought with it a vulnerability. 6.1.3 brought with it another vulnerability. Come on, Apple! Give me an update I won’t regret installing. Until then, I’m stuck on 6.0.1. 🙁

I watched the video — it’s a neat bypass, but it doesn’t let someone get to every part of your phone. Just a lot of it (contacts, pics, etc). Didn’t see that you could get to email, tho, and this hack def did not allow someone to change pwd or have unlimited access.
But it’s enough of a security hole that it made Apple jump.
